http iframe content on https site - asp.net

asp.net 4.5.2, html5 etc
Our site is on https. However, we need to embed an iframe which calls out to a service that is not available over https.
Chrome blocks this so the embedded content does not display.
Is there any way in asp.net config to reliably force this content to be displayed in spite of it only being available over http?

Related

.NET Core App running inside an IFRAME on a WordPress page can't read shared cookies, but if run outside the IFRAME the app can

I've got a .NET Core application running inside an IFRAME on a WordPress site.
WordPress site: http://staging.mysite.com
.NET Core app in IFRAME: https://app.mysite.com
The .NET Core app gets a cookie set by WordPress and uses it. It uses this method:
_httpContextAccessor.HttpContext.Request.Cookies.TryGetValue("LoggedUserToken", out var userToken);
The cookie appears as follows in Chrome:
Name: LoggedUserToken
Value: cB/7TkfmgY+Wiz+yoxYZpfd5cHy4Qenx
Domain: .mysite.com
Path: /
Expires: 2022-01-21T11:04:37.539Z
HttpOnly: (blank)
Secure: (blank)
Samesite: (blank)
SameParty: (blank)
Priority: (medium)
When I load the WordPress page with the IFRAME, the IFRAME fails to find the cookie; it is blank.
If I load the IFRAME directly in the browser (app.mysite.com) it finds the shared domain cookie and uses the value correctly.
The thing is the same system works fine on three other WordPress sites, though they are a different flavour (they are Bitnami multistack, and this problem one is Trellis/Sage/Bedrock single site).
So I'm thinking this could be WordPress somehow messing up the IFRAME? Or not sending the cookies somehow?
Why would this work in an IFRAME on one WP site, but not another? Why would it work outside the IFRAME but not in it?
Is this because the staging site is http and the web app is https? Is there an issue with an IFRAME running inside an http site that means it can't load shared cookies, but when you run it in the browser outside the iframe it can read the exact same cookies?
Confused.
It looks like both the WordPress site and the app in the IFRAME needed to be on https. If the WP site is on http, then the https IFRAME can't access the shared domain cookies. As soon as I made the WP site https, it all worked fine.
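
The behaviour reported above matches Chrome's scheme-aware same-site rules: a cookie with no SameSite attribute is treated as Lax, and http://staging.mysite.com and https://app.mysite.com count as different sites. The sketch below is an added example, not code from the original post; it models only a single-level iframe load or a direct address-bar load, and it assumes the registrable domain is the last two host labels (a browser uses the Public Suffix List).

```javascript
// Scheme plus registrable domain, e.g. "https://mysite.com".
// Assumption: last two labels form the registrable domain.
function schemefulSite(url) {
  const u = new URL(url);
  return u.protocol + "//" + u.hostname.split(".").slice(-2).join(".");
}

// Cookie Domain attribute match: ".mysite.com" covers app.mysite.com.
function domainMatches(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, "");
  return host === d || host.endsWith("." + d);
}

// cookie: { domain, secure, sameSite }; sameSite is "Strict", "Lax", "None"
// or undefined (attribute absent, treated as Lax).
// topLevelUrl: the page in the address bar.
// requestUrl: the document being fetched (the iframe src, or the same URL
// as topLevelUrl for a direct load).
function cookieSent(cookie, topLevelUrl, requestUrl) {
  const req = new URL(requestUrl);
  if (!domainMatches(req.hostname, cookie.domain)) return false;
  if (cookie.secure && req.protocol !== "https:") return false;
  const sameSite = cookie.sameSite || "Lax";
  // SameSite=None is only honoured together with Secure.
  if (sameSite === "None") return cookie.secure === true;
  // Lax and Strict: a framed document only receives the cookie when it is
  // same-site with the top-level page, and the scheme is part of the site.
  return schemefulSite(topLevelUrl) === schemefulSite(requestUrl);
}

// Constructed from the attributes shown in the question (no Secure, no SameSite).
const loggedUserToken = { domain: ".mysite.com", secure: false, sameSite: undefined };

const scenarios = {
  httpParentHttpsFrame: cookieSent(loggedUserToken,
    "http://staging.mysite.com/", "https://app.mysite.com/"),
  directLoad: cookieSent(loggedUserToken,
    "https://app.mysite.com/", "https://app.mysite.com/"),
  httpsParentHttpsFrame: cookieSent(loggedUserToken,
    "https://staging.mysite.com/", "https://app.mysite.com/"),
};
console.log(scenarios);
```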

Http Redirect to Https in latest chrome version

I have some videos hosted on my server and a third-party application using those hosted videos in their web application. I am using the IIS server and provide the URL to access those videos, which they (third party) used on their web page as a video source.
The problem is the link I provide them is using the HTTP protocol but their application is using the HTTPS protocol. Before the Chrome update it was working fine. Since the update to Chrome version 80, when they click on the play button the requested link is converted automatically from HTTP to HTTPS and the video doesn't play.
To explain it more they have a webpage and on that page, they are using video tag and as a source to that video tag, they are using my hosted video links that use HTTP.
I saw the update about SameSite in cookies in the new Chrome 80 but didn't understand whether it needs to be done on my site or the other party's.
So my questions are: should I change my protocol to HTTPS?
Can I add a cookie through IIS (I know something about URL-Rewrite but don't exactly know what to do)?
Do I need to add a cookie through IIS?
Hopefully I am able to explain it properly. Sorry in advance if it is still ambiguous.
Thanks for help

SWF works on web not intranet

I have a SWF that works on the web but not over an intranet. The SWF loads its initial XML content by binding to an asmx HTTP handler. Same code - different servers. On the intranet - a right click shows a SWF context menu - but there is no content rendered. IIS is serving up the correct MIME type (swf/flv) so I think it might be a client issue. The problem occurs on IE/Chrome/FF. Have adjusted browser intranet security settings and looked in advanced settings - no joy yet.
Problem solved. The SWF is licenced to work on a specific www domain only.

submit button works as intended on http but not on https in asp.net 1.1

I am trying to build a form in asp.net 1.1. The problem I am facing is that when I run the page on http everything works fine, but on https it submits the page without any validation on the client side. The page is supposed to validate fields, which it does on http but not https.
The page works in all other browsers (FF, Chrome, Safari, IE6, IE7); the problem is only in IE8 and only when the page moves to https.
Using windows server 2003 on IIS v6.0.
Are you using JavaScript to do client-side validation? If so, are you including the script from a URL that is SSL or non-SSL? If the script isn't going over SSL, perhaps IE is throwing it out as insecure.

How to get ScriptResource.axd? calls in HTTPS

My website is HTTPS and I use a redirect module to change any requests for a HTTP page into an HTTPS page. This works nicely using this...
http://www.codeproject.com/KB/aspnet/WebPageSecurity.aspx
However, the page also gets various script resources as part of the ASP.Net AJAX and Telerik controls e.g.
http://www.mywebsite.co.uk/ScriptResource.axd?d=RZJPznutyCmbbBAHSbKedj3kgUyiK7uBICOoB7IdFt8MWVJ-D-TxNWt-mdkCrv5HGSAToaV2udumFlE1EKBiow2&t=7dbf7a27
As the majority of my site uses HTTPS and then a few GET requests to form the page use HTTP, IE8 does not like this at all and prompts the user to only show the content received via HTTPS. If the user does this then the ASP.Net AJAX javascript files are not loaded into the browser and chaos occurs!
Is there a way I can tell ASP.Net or IIS to serve all requests via ScriptResource.axd as HTTPS? I saw on a forum someone saying they had used a handler to do this but no example code was supplied.
Would be really grateful for a pointer in the right direction.
Thanks.
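
The http iframe, the http video source and the http ScriptResource.axd request described in the questions above are all mixed content on an https page. The audit sketch below is an added example, not code from any of the posts; it finds src attributes that resolve to http:// and labels them with the W3C Mixed Content categories. The host names and HTML are constructed, and the regex scan is a simplification of real HTML parsing.

```javascript
// Blockable content is refused by the browser; upgradeable content is
// requested over https instead and fails if the host has no https endpoint.
const BLOCKABLE = new Set(["iframe", "script"]);
const UPGRADEABLE = new Set(["img", "audio", "video", "source"]);

function auditMixedContent(pageUrl, html) {
  // Mixed content only exists when the embedding page itself is https.
  if (new URL(pageUrl).protocol !== "https:") return [];
  const findings = [];
  const tagRe = /<(\w+)\b[^>]*?\ssrc\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    let target;
    try {
      // Relative and protocol-relative URLs inherit the page's https scheme.
      target = new URL(m[2], pageUrl);
    } catch {
      continue; // unparseable URL, nothing to classify
    }
    if (target.protocol !== "http:") continue;
    if (BLOCKABLE.has(tag)) {
      findings.push({ tag, url: target.href, category: "blockable" });
    } else if (UPGRADEABLE.has(tag)) {
      findings.push({ tag, url: target.href, category: "upgradeable" });
    }
  }
  return findings;
}

// Constructed sample page body.
const SAMPLE_HTML = `
<script src="http://www.example.test/ScriptResource.axd?d=CONSTRUCTED"></script>
<script src="/ScriptResource.axd?d=CONSTRUCTED"></script>
<iframe src="http://legacy.example.test/widget"></iframe>
<video controls src="http://media.example.test/clip.mp4"></video>
<img src="//cdn.example.test/logo.png">
<a href="http://other.example.test/">plain link, not a subresource</a>`;

const findings = auditMixedContent("https://secure.example.test/page.aspx", SAMPLE_HTML);
console.log(findings);
```

Only the absolute http:// script, the iframe and the video are reported; the relative ScriptResource.axd URL and the protocol-relative image inherit https from the page.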
